diff options
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/local/www/vpn_ipsec_mobile.php | 17 | ||||
-rw-r--r-- | src/usr/local/www/vpn_ipsec_phase1.php | 16 |
2 files changed, 26 insertions, 7 deletions
diff --git a/src/usr/local/www/vpn_ipsec_mobile.php b/src/usr/local/www/vpn_ipsec_mobile.php index d0baa23..1d5b68e 100644 --- a/src/usr/local/www/vpn_ipsec_mobile.php +++ b/src/usr/local/www/vpn_ipsec_mobile.php @@ -147,6 +147,11 @@ if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; + foreach ($a_phase1 as $ph1ent) { + if (isset($ph1ent['mobile'])) { + $mobileph1 = $ph1ent; + } + } /* input consolidation */ /* input validation */ @@ -222,6 +227,18 @@ if ($_POST['save']) { } } + if ($pconfig['user_source']) { + if (isset($mobileph1) && $mobileph1['authentication_method'] == 'eap-radius') { + foreach ($pconfig['user_source'] as $auth_server_name) { + $auth_server = auth_get_authserver($auth_server_name); + if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) { + $input_errors[] = gettext("Only valid RADIUS servers may be selected as a user source when using EAP-RADIUS for authentication on the Mobile IPsec VPN."); + $pconfig['user_source'] = implode(',', $pconfig['user_source']); + } + } + } + } + if (!$input_errors) { $client = array(); diff --git a/src/usr/local/www/vpn_ipsec_phase1.php b/src/usr/local/www/vpn_ipsec_phase1.php index 5fda34b..6b26dac 100644 --- a/src/usr/local/www/vpn_ipsec_phase1.php +++ b/src/usr/local/www/vpn_ipsec_phase1.php @@ -416,16 +416,18 @@ if ($_POST) { } /* auth backend for mobile eap-radius VPNs should be a RADIUS server */ - if (($pconfig['authentication_method'] == 'eap-radius') && $pconfig['mobile']) { - $auth_server_name = $config['ipsec']['client']['user_source']; - $auth_server = auth_get_authserver($auth_server_name); - if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) { - $input_errors[] = gettext("A valid RADIUS server must be selected for user authentication on the Mobile Clients tab in order to set EAP-RADIUS as the authentication method."); + if (!empty($config['ipsec']['client']['user_source'])) { + $auth_server_list = explode(',', $config['ipsec']['client']['user_source']); + foreach ($auth_server_list as $auth_server_name) { + $auth_server = auth_get_authserver($auth_server_name); + if (!is_array($auth_server) || ($auth_server['type'] != 'radius')) { + $input_errors[] = gettext("A valid RADIUS server must be selected for user authentication on the Mobile Clients tab in order to set EAP-RADIUS as the authentication method."); + } + } } } - - + /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); $pconfig['ealgo']['name'] = $_POST['ealgo']; |